Financial institutions, such as banks, credit card issuers, and loan companies, routinely provide a wide range of confirmation services upon request. Typical confirmation services include, for example, audit confirmations, credit inquiries, deposit verifications, government address verifications, and verifications of financial account information for benefits eligibility. Table 1 below lists some typical confirmation services that may be offered by a financial institution and also provides a brief explanation of each service.
TABLE ITypical Confirmation ServicesConfirmation TypeInformation & ContextAudit Confirmationrequest for account or loan balances from an accounting firm (or accountant) performing audit on a client's booksCredit Inquiryrequest from a third-party vendor (e.g., credit card issuer) prior to extending credit to a customerVerification of request from a mortgage company to verify Deposit for Mortgagesassets of a borrowerPersonal Depositrequest from a customer seeking proof of his Verificationor her balances and/or accountsGovernment Addressrequest from government to confirm a Verificationcustomer's mailing addressAccount Verification request from a customer seeking proof of for Immigrationaccounts for visa or immigration purposesConsumer Request request from government regarding a customer's (for housing, Medicaid, account history to determine eligibility for social security, etc.)housing, Medicaid, social security, or other government-sponsored aids and benefitsBy providing the various confirmation services, a financial institution not only supplies financial information as requested, but also signs off and attests to the accuracy of the data as a trusted party. With the large volumes of confirmation requests being processed on a routine basis, it is desirable to fulfill each of the confirmation requests efficiently and accurately without any compromise of privacy or security.
Currently, however, most audit confirmation and other confirmation services still rely on manual, paper-based processes that can be both inefficient and inaccurate. A manual process typically starts with a bank's receipt of audit confirmation requests via postal mail or facsimile. The bank's mailroom workers have to open, count and sort the request letters before routing them to appropriate departments for fulfillment. A group of bank employees, known as “confirmations specialists,” have been specifically hired and trained to process the confirmation requests. A confirmations specialist needs to make a determination as to whether the bank is authorized and able to fulfill a particular request. If so, the confirmations specialist will look up the account data requested and fill in a response form or generate a response letter. The form or letter is then signed by a bank official and mailed or faxed back to the requestor. Several issues exist with this type of manual processes, such as inconsistent turnaround, multiple handoffs, lengthy processing cycle time, and lack of status information. Even assuming every step went smoothly, the manual fulfillment process would typically take a few days to complete. If any error or irregularity occurs during the process, it may take several days for a confirmation request to be fulfilled, if it is fulfilled at all. Requestors often become frustrated when they hear no response to their confirmation requests for weeks or end up receiving non-responsive or incorrect information, as it may hold up the requestors' ongoing work such as auditing or loan processing. Furthermore, the manual fulfillment process also present risks of data security as multiple paper copies are often generated for each confirmation request and may become misplaced or mishandled by the multiple bank employees involved in the manual process.
Capital Confirmation, Inc. (CCI) has attempted to streamline audit confirmation with a secure electronic intermediary service between a requestor (an auditor) and a responder (a financial institution). However, CCI has achieved very limited success because its technological and business solutions suffer from a number of shortcomings.
First, as a third-party intermediary, CCI does not own or have direct access to the financial data requested by auditors and therefore has to either rely on periodic data dumps from financial institutions or wait for the financial institutions to respond to individual data requests. CCI has to partner with a sufficient number of financial institutions in order to be able to timely respond to audit confirmations. For privacy and security concerns, it is impractical (and also costly) for banks to batch-export sensitive financial data to a third party's system such as CCI's. If CCI has to request individual pieces of data from the banks anyways, then, in terms of time and cost, it is hardly justifiable for the auditors to go through CCI rather than dealing with the banks directly. In any event, since CCI has no direct access to the source of financial data, CCI's solution cannot substantially affect, let alone improve, the confirmation process taking place within the banks.
Second, while CCI can relay financial data to the requestors, it is in no position to attest to the accuracy of the data. After all, it is the financial institutions maintaining the data who are the real trusted parties in the confirmation process. A bank can vouch for the veracity of financial information more confidently when the information is directly delivered to a requestor than when the information is relayed through a third party. The best CCI can do is to serve as an agent or proxy for auditors or accountholders.
Third, CCI's role as an intermediary among an auditor, an auditee (account holder), and the auditee's bank actually complicates the authentication and authorization procedures, at least from the bank's standpoint. Instead of receiving authorization directly from the bank's customer (account holder—auditee), the bank is obligated to take the extra step of determining whether requests relayed by CCI are fully authorized.
In view of the foregoing, it may be understood that there are significant problems and shortcomings associated with current confirmation services.